1. Field
The present invention relates to data duplication using a shared storage area, and more specifically, to an information processing apparatus, a data duplication method, a program, and a storage medium for improving security level in data duplication using a shared storage area.
2. Description of the Related Art
A desktop environment in a general operating system is equipped with a clipboard for temporarily storing data. The clipboard is a convenient general-purpose shared memory into which data can be freely written from various applications by a simple operation and from which data can be freely read—provided that a format thereof can be interpreted.
In a general clipboard, one item of data can be stored at one time; however, Microsoft Office (a registered trademark), Emacs and so on provide an extended function for storing past data in another area as an extended function specific to their applications. This function facilitates sharing a plurality of items of data among the applications; however, this is an extended function specific to the applications, and the data is stored in a volatile storage area, which requires that the applications are in operation, and on completion of the applications, the data is lost.
From the viewpoint of extending the function of the clipboard, Japanese Unexamined Patent Application Publication No. 2010-170165 (Patent Literature 1) discloses a data duplication method including saving means capable of ordinary data storage and storing copy source data for pasting; loading means capable of ordinary data reading and restoring copy source data for pasting on an object basis from a copy and paste specific file; copying means for specifying copy source data and creating a paste data file using the saving means; and pasting means for producing a duplicate of the copy source necessary for pasting using the loading means. The technology of Patent Literature 1 allows data to be shared by a plurality of users and to be reused after restarting the computer.
Also in the viewpoint of extending the function of the clipboard, Japanese Unexamined Patent Application Publication No. 2005-250896 (Patent Literature 2) discloses a data-entry support apparatus equipped with a copy (or cut) and paste function in which data that is frequently pasted is left in the clipboard as much as possible.
As described above, the clipboard is a convenient function; however, in the viewpoint of security, it is difficult to manage because of the convenience, which can cause a serious security incident. Unlike a kernel object, the clipboard is a user object that is not equipped with an access control mechanism, such as an access control list (ACL). Therefore, there is a risk of unintended information leakage to a suspicious program operating on the same desktop environment. Although data on a clipboard, pasted on a necessary location, is normally unnecessary data, important data is sometimes left without being overwritten. At that time, the data left on the clipboard may leak to the outside via a peer-to-peer pear file-swapping application or the like infected with a virus. Such information leakage is not permitted in organizations, such as government and municipal offices, universities, and companies.
Accordingly, this intensifies the need for some security restrictions on the clipboard function to prevent information leakage. As a measure against information leakage via a shared memory, for example, Japanese Unexamined Patent Application Publication No. 2010-176431 (Patent Literature 3) discloses an access control program, for the purpose of preventing information leakage caused by reuse of information by a user having an access right, in which particular processes, such as copying and pasting, that an OS or applications perform to reuse the content of a protected document stored in a document storage area, are monitored, and when the particular processes are detected, various processes for setting a second access right, which succeeds a first right, to a second document that reuses the content of a first document, to which a first right is set, are executed.
According to the related art of Patent Literature 3, the access control policy of a copy source document is handed over to a copy destination document, so that an information flow via the shared memory can be controlled. However, the technology of Patent Literature 3 is a technology for setting a document access control policy, and thus, data may remain in an unprotected state on the shared memory.
The foregoing background requires a technology capable of efficiently limiting the lifetime of data in a shared storage area, such as a clipboard, so that unnecessary data after being pasted to a necessary location can be efficiently erased.
On the other hand, since the clipboard is a general-purpose shared memory that is accessed from all processes, uniformly limiting the function of the clipboard results in a loss of the convenience. For GUI-based computers, it is not desirable to unnecessarily impair the user convenience for the purpose of enhancing the security. Furthermore, because only protection for particular applications has low effect, it is desirable to achieve a high-versatility application-independent function. Furthermore, since there are various levels of secrecy required for information, it is desirable to protect data in a shared storage area at various levels.